SYS211 Netgard Secure Scanning for US DOD-Fed … Participant W… · · 2013-01-0812/16/2011 1...

12/16/2011

1

SYS211 e-Le@rning:Netgard Secure Scanning for U.S. DOD and Federal Agencies

Presenter: Henry Gold

Business Area Manager

API Technologies

Please silence your cell phones

Keep background noise to a minimum

Before we begin…

Keep background noise to a minimum

Do not put your phone on HOLD

Please let instructor know if anyone else is sitting in with you

Toshiba Academy Systems e-Le@rning Program

The phone audio will be muted - Please save questions until the end or submit text based questions as we move through presentation

12/16/2011

2

Have questions?

Submit text based Submit text based questions questions

via the Q&A podvia the Q&A pod


via the Q&A podvia the Q&A pod

Your Status

Throughout the program, we will ask you to respond by indicating your “Status.”

When asked please use the “Status Options” drop-down button, located at the top of your screen.


Set your status now by indicating: “Agree”

12/16/2011

3

The goals of today’s e-Le@rning session are…

e-Le@rning Goals

Introduce the new Netgard MFD security solution that will help facilitate sales to U.S. DOD (and soon civilian agencies)

How does Netgard relate to GSA?

Reduce your sales cycle

Provide you with product training to get you started with N d MFD


Netgard MFD

e-Le@rning Objectives

Upon completion of this course, you will be able to:Build your knowledge of a key Security requirement to deploy systems to the U.S. DOD and Civilian Agencies

Give you the tools needed to close business with the U.S. Gov.

Provide the necessary skills to install this solution


12/16/2011

4

Agenda

1. API Technologies Introduction

2 Netgard™ Overview2. Netgard™ Overview

3. Physical Installation and Technical Overview

4. Live Q&A Discussion


API Technologies Introduction

Who is API Technologies?

Featured Customers

The Customer Need

Toshiba Academy MPS Certification Program

12/16/2011

5

Company Snapshot

Prime contractor in sophisticated electronics, highly engineered systems, secure communications and electronic components and subsystems to the global defense and aerospace industriesdefense and aerospace industriesPublicly traded (ATNY.OB)Revenues of over $380M2000 EmployeesKey product focus

Defense & Aerospace Products & ServicesS t & E i i S i


Systems & Engineering ServicesSecure Communications Products & ServicesComponents & Subsystems

Featured Customers

US & International Government Agencies

Leading Government & Defense Contractors


12/16/2011

6

The Customer Need

DOD Requirement:

All multi-function devices (MFDs) that canAll multi-function devices (MFDs) that can transmit scan jobs over the LAN must be secured by a Common Access Card (CAC) that will verify and authorize the user before a scan-to-network function is permitted (STIG)

Expanding security to “Copy” function & “Print Release”

Seeing requirement at Civilian Agencies HSPD‐12


g q g(PIV card)

HSPD 12

CAC & SMARTCARD Deployments

17 million cards issued to date

5 5 million active cards are in use5.5 million active cards are in use today

Today CACs are:The standard at more than 1,000 sites

Used in over 25 countries

To date the DoD has deployed over 1


p ymillion card readers and associated middleware around the world

12/16/2011

7

Netgard Overview

How it works

Authentication Options

Value Proposition


End Users Brings their CAC Card to our Device Status/ Job Copy

Netgard: How it Works

They insert their CAC Card in the readerThey enter their Pin NumberThe Server Verifies Credentials(OCSP/LDAP/AD)Operation Panel Access Granted OCSP/LDAP/AD

Cancel

Program

Application

Copy

Send

Document Box


OR

Operation Panel Access Denied

12/16/2011

8

Connectivity

• Simple, in‐line Ethernet connection


• Web‐based remote admin

• Integrates with Active Directory and/or PKI

• Supports CAC PIN, X.509 certificate, LDAP, PKI and OCSP

Live Video Demonstration


12/16/2011

9

Conforms to DoD requirements

Works with all major copier models

Important Facts

Support for CAC/PIV V1 & V2

Special security features:FIPS 140-2 & 201

Email encryption & signing

Confirms identity of sender


Confirms identity of sender

Added security on Scan-to-Email feature replaces the “From” “Reply-to” and “Sender” fields with CAC user’s email address (obtained from CAC or LDAP)

Netgard Customers / Deployments

Over 3000 Netgard™ devices are currently deployed in all branches of armed services:

Air Force (Andrews, Ramstein, Bolling & Hill AFB)

Army (Aberdeen, Fort Collins)

Army National Guard

Army Reserves

Navy (Jabuti Naval Base)


Navy (Jabuti Naval Base)

DAPS/DLA

12/16/2011

10

Configurable Authentication Options

PIN (Default, Always ON)

User’s PIN is used to unlock the CAC.

X509 validation (requires issuer certificate)

CAC certificate Challenge/responseCAC certificate Challenge/response

Requires issuer certificate

OCSP

User’s certificate is sent to OCSP server for revocation check.

Requires issuer certificate

LDAP/LDAPS (anonymous and non-anonymous)

LDAP lookup is performed to ensure the user is valid


LDAP lookup is performed to ensure the user is valid

LDAPS requires server certificate

Non-anonymous lookup requires username and password

Kerberos

Network PKI authentication

No adjustment to the Copier/MFP is required – the Netgard MFD connects the MFP to the LAN and

How Does the Netgard Affect the Printer/MFP?

Netgard MFD connects the MFP to the LAN and handles all network traffic control.

Windows users see no difference when they print to the Copier/MFP or add a printer.

Administrators may connect to Copier/MFP and manage it using the browser interface as normal.


Other Copier/MFP communication, like the Printer Monitor Utility (SNMP based), is unaffected as well.

12/16/2011

11

Value Proposition

Quick to market CAC/PIV – Secures Scan to Network.No custom development needed on MFD

MFD agnosticMFD agnostic

Easy to deploy

With over 3000 devices deployed…field tested

Significant investment – core competency

Priced right


Additional Points

Next release will support GSA PIV (1st half 2012)

Secure Print Release - Print to cloud with NSI

Scan to home – Utilizes NSI AutostoreScan to home – Utilizes NSI Autostore


12/16/2011

12

Physical Installation

Let’s Install Netgard

Connectivity and Physical Connections

Local Access Via IP Connection

Basic Configuration

Setup of MFP


Advanced Authentication Options

Netgard Maintenance

Pre-Installation Checklist

Troubleshooting

Connectivity


12/16/2011

13

Physical Connection

Make connectionsConnect CAC Reader to USB port

Connect base network to LAN port

Connect copier to DEV port

Connect computer to MGMT port (no crossover needed)

Connect Vend cable via USB port (optional)

Power up unit (~60 seconds to boot)


p ( )

Initial Install Requires Local AccessVia IP Connection


12/16/2011

14

Administering Netgard MFD

Administer Netgard by plugging directly into the Ethernet Management (MGMT) port.

Set computer IP to:

IP: 192 168 20 20IP: 192.168.20.20

Subnet: 255.255.255.0

Gateway: 192.168.20.1

Use FireFox web browser to administer Netgard

https://192.168.20.1:8080

Login information


g

ID: admin

Password: password

For additional details see the quick install guide.

GUI


12/16/2011

15

Netgard Homepage


Tour of UI

Basic Configuration


12/16/2011

16

Click on the “Network” Tab

Set IP addresses

Set the Netgard’s Lan Address If DHCP write

Network configuration (Step #1)

Address. If DHCP write down the IP address.

Tell the Netgard the IP address of the Printer

Click the “Apply” button

Set Copier IP:IP: 192.168.10.30


Subnet:255.255.255.0GW: 192.168.10.1

Additional configuration optional

Click on the “Scan Setup” button

Enable Required f ti lit

Scan Setup (Step #2)

functionalityEmail

Set SMTP server IP

Scan to self?

Encryption & Signing

FTP


Append file header name?

Click the “Apply” button

12/16/2011

17

Scan Setup (Step #2 cont.)

Enable SMBOpen F/W when CAC authenticated?Set NSI/Autostore informationClick the “Apply” button


Netgard Admin (Optional)

Click on the “Admin” tab

Turn on Management port on LAN Port so Administer Netgard remotely

Define an ACL


12/16/2011

18

Click on the Admin->Users t b

User Administration

tab.Add a new “Admin” level userDelete the


default admin user.

Initial Netgard Configuration Complete…. Now Setup MFP


12/16/2011

19

MFP Configuration

Set Copier IP address to address configured in the first step (default = 192.168.10.30)p ( )

Setup Scan to Network functionalitySame configuration as if copier was sitting on customer network.

If Email set to “Send to Self” add one “Destination”


IP Configuration on e-STUDIO MFP

IP address = 192 168 10 30192.168.10.30

Subnet Mask= 255.255.255.0

Gateway = 192.168.10.1


12/16/2011

20

Test Basic Functionality

Authenticate with a CAC and testScan to email Scan to SMB Scan to FTPScan to email, Scan to SMB, Scan to FTP

Perform same test without CAC

Browse to CopierUse “LAN” IP address of Netgard (http://10.10.3.153)

Test Print functionalityUse “LAN” IP address of Netgard


Use LAN” IP address of Netgard

Advanced Authentication Options


12/16/2011

21

Authentication Screen

• Authentication Options• X.509 – Local certificate

authentication

• OCSP – Revocation List

• LDAP – Active Directory Lookup

• Kerberos – Authentication


Click on Scan Setup-> Certificates button

Upload Certificates (chain of trust)“Upload Trusted Certificates” button on the right hand side

Additional Configuration for X.509

Certificates must be in Base-64 encoded format (pem file extension)

Point the Netgard to a NTP server to ensure the Date/Time is properly set (Admin->Time Zone)


12/16/2011

22

Netgard Maintenance


Configuration Management

Go to the Admin->UtilitiesBackup and restore a device configurationPerform a Netgard UpgradeReboot the device


12/16/2011

23

Pre-Installation Check List


Pre-Installation Checklist

Netgard IP address (Subnet & Mask)May need to provide MAC address

DNS IPDNS IP

SMTP IP address

NTP IP

Root & intermediate certificates

OCSP URL

LDAP i f ti


LDAP informationIP, Login, Search details

CAC card available for testing

12/16/2011

24

Troubleshooting


1) Check Computer’s IP address

IP: 192.168.20.20

Subnet: 255.255.255.0

Can’t Get to Management Port?

Gateway: 192.168.20.1

2) Confirm that your computer IP address changed:

Open Command Window (run>CMD)

At the prompt type IPCONFIG

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :


IP Address. . . . . . . . . . . . : 192.168.20.20

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.20.1

3) Start a New web browser session (Firefox)

Ensure that the URL is correct https://192.168.20.1:8080

12/16/2011

25

Diagnostics & Logs


Confirm that the Netgard configuration is correct:Email configuration

Scan Setup->Scan to Network->Enable Email

Scan Setup >Scan to Network >Server IP address correct

Troubleshooting Scan to Email

Scan Setup->Scan to Network->Server IP address correct

Copier device (Network->Configuration->Copier IP Address)

Confirm that the Netgard can ping the copier & SMTP server

Take Netgard out of loop to ensure copier setup

Confirm that the user successfully completed the CAC authentication.


Reader displays “Ready to Scan”

Capture email session to determine root causeMonitoring->Diagnostics->Packet Trace->Network Select (LAN and MFD)

12/16/2011

26

Troubleshooting CAC authentication failure

Start off simple - Add layers of authentication to ensure configuration is correctgConfirm that the Netgard can ping the OCSP, LDAP serverTake Netgard out of loop to ensure copier setupCapture failed authentication session to determine root cause


Monitoring->Diagnostics->Packet Trace->Network Select (LAN and MFD)

Wrap-up

Additional Materials from API TechnologiesUser Guide

Quick Install Guide

Installation & Configuration Videos

Product Catalog

Negard MFD Community on

Toshiba eXCHANGE


Software & Services > Security > Netgard MFD

12/16/2011

27

API Technologies NetgardTechnical Training Certification Process

1. There are no prerequisites for the course

2. A Tech ID is REQUIRED to access API Technologies Netgard CBT/Certification Test

If you do not have a Tech ID, please see you local FYI SIS Admin to add you to the Service Group and request a Tech ID at:

FYI > Training > Service > Dealer Administration > New Tech Application

3. Once you have a Tech ID have your Service Manager enroll you in:

CBT course 12199: API Technologies Netgard


CBT course 12199: API Technologies Netgard

4. A dealer technical representative must pass the technical CBT to be eligible to purchase Netgard solution

API Technologies NetgardSales Training Certification Process

Pass the “73. API Technologies Netgard Certification Final Exam” on FYI

FYI > Training > Sales > Testing > Product Knowledge Testing

Must score of 80% or better to pass


12/16/2011

28

Questions


Thank you for attending!

Product [email protected]

+1 (908) 546-3900 option 8


Henry Gold+1 (908) 546-3907

[email protected]

12/16/2011

29

Eric RoskellyDigital Training ManagerDigital Training Manager

973-316-2700 Ext #42730

[email protected]

Please advise us if you have not registered!


Rob TroxelDigital Training ManagerDigital Training Manager888-343-6245 Ext #5602

[email protected]



12/16/2011

30

Dean TamashiroDigital Training ManagerDigital Training Manager

949-462-6927

[email protected]



Date post:	17-Apr-2018
Category:	Documents
Upload:	lamquynh
View:	215 times
Download:	2 times

SYS211 Netgard Secure Scanning for US DOD-Fed … Participant W… · · 2013-01-0812/16/2011 1...

Documents